How To Combat Ransomware With Deep Learning

Avoid becoming a malware statistic

The stats are sobering: 54% of organisations have been hit by ransomware in the past 12 months; 77% of those hit were running up-to-date endpoint protection; and it costs the average business about $170,000 to clean up the mess.

You need next-level protection to avoid becoming a statistic. Such protection will also help you comply with tough new legislation (Australia’s Notifiable Data Breach and the EU’s General Data Protection Regulation come into play this year).

The answer to this growing security problem is AI. Used in the right way, it can create a deep learning neural network that detects both known and unknown malware – without relying on signatures.

In this webinar, you will learn:

  • Findings from the global study, ‘The State of Endpoint Security Today’, which included Australian respondents.
  • How the Sophos Intercept X deep learning neural network makes it smarter, more scalable and higher performing than other security solutions.
  • How Brennan IT embeds Sophos Intercept X as a key solution in our security portfolio and our overall protection layer for customers.

Questions and Answers

Here is a summary of the question and answer session from this webinar.

Q: Why do you use Windows Defender AND Sophos – isn’t Sophos sufficient?

A: Intercept X can work alongside 3rd party anti-malware products. If you have Sophos Endpoint Protection Advanced, there is no need to have Windows Defender. You can have Sophos Endpoint Protection Advanced doing the traditional detections and Intercept X performing next generation, all under one agent.

Q: What is the retention rate of Sophos clients? What is the % of Sophos clients being attacked and breached and having to pay a ransom?

A: Sophos always provides Endpoint Advanced and Intercept X that gives customers the capability to monitor network shares, local file systems, USB drives and be able to analyse the processes that are malicious or not. In the event a process is hijacked, Intercept X – CryptoGuard comes in to protect you against the variants of the WannaCry and Petya ransomware. With the anti-exploit technique, Sophos will be able to stop the delivery of ransomware by blocking exploit techniques. Anyone who is running Intercept X is fully protected against ransomware.

Q: With the money-back guarantee, what does that cover? For instance, if we had been using your products and we had a ransomware attack that ends up costing 80K to rectify, does Brennan cover that cost?

A: No, we don’t cover that cost. That’s a consequential loss and is not covered by our contracts. What we do cover is the cost of the service i.e. if you are paying $10,000 a month for the full suite of security services and if you get breached, we will give you the $10,000 back.

Q: Are there any limitations across multiple Windows OSes? And are there any limitations on Windows Server 2008 R2?

A: Intercept X is available on Windows endpoints. For servers, we have Server Protection Advanced from Sophos. CryptoGuard on Windows server platforms detects and blocks both local and remote attacks. Similar to the CryptoGuard capability, it scans every file and monitors processes that are attempting to encrypt your files. It validates and drops the process that is doing bad encryption and rolls back. The Anti Exploit component is coming soon to Sophos Server Protection Advanced.

Q: Does Intercept X require much setup-configuration – e.g. configuring log capture etc?

A: No. You download the agent from Sophos Central; the agent will have the endpoint protection + Intercept X component. One agent doing everything. Every time there is a malware exploit attack, it will prompt the admin with a warning and provide a full detailed root cause analysis of the attempted attack. For example: what machine was affected, time and date, username logged in, what files were about to be affected, any business files, any registry involved and was it trying to communicate with a command or control server. This will be articulated in a report document.

Q: In the event that a server has Sophos advanced protection, and a client PC does not have protection, if the client gets a cryptovirus, will the file share be protected against encryption?

A: As long as you have Sophos Server Protection Advanced, it has the CryptoGuard technology which will pick up and prevent it. Intercept X will protect what happens on the end-user endpoint machine and Server Protection Advanced will pick up everything that occurs on the server. It’s best to have both.

Q: Does Intercept X have any major impact on local workstation performance and/or SharePoint Online performance?

A: No, the agent is very lightweight and Intercept X is signature-less technology.

Q: How does crypto attack SharePoint online documents?

A: If there is shared map access on to the endpoint and if the files are being read or written, Intercept X – CryptoGuard will stop the process and revert them back.